In identity theft, it's not just about who you know

Major identity thieves obtain the personal information they crave from retailers, financial companies and other businesses about half the time, a recent study suggests, undercutting a common perception that potential victims should worry most about being scammed by people they know.

The federally funded study paints a complex portrait of the signature crime of the digital age, one that has been the top consumer-fraud complaint to federal authorities for six consecutive years.

Of more than 500 offenders arrested by the U.S. Secret Service between 2000 and 2006, just 8 percent were related to or socially acquainted with victims whose sensitive data were used to write checks, take out loans or buy cars.

"The role of strangers -- that's different than what's been reported until now," said lead scientist Gary Gordon of the Center for Identity Management and Information Protection at Utica College in New York, which produced the report.

Previous analyses mainly were based on surveys of victims who knew how someone ended up pretending to be them. They often pointed to acquaintances. Federal Trade Commission officials have faulted such figures, saying most victims of online thefts and compromised businesses are unlikely to learn how their information was pried loose.

Some of the best known of the past studies have been publicized by Javelin Strategy & Research, which has taken funding from Visa USA, Wells Fargo & Co. and others that benefit from electronic transactions.

In April, for example, the company said consumer fears about data break-ins were overblown because "breaches only account for 3 percent of all known-cause ID fraud." Javelin has claimed that half of known offenders are family or friends, and this year it said that 40 percent of ID theft cases stem from lost or stolen wallets, credit cards and checks.

The Utica College research shows that "non-technological means" such as mail stealing and garbage diving were used in about 20 percent of the ID theft crimes solved by the Secret Service. That's the same proportion driven by Internet scams, such as e-mail hustles and computer hacking.

The most common tool for identity theft was a range of technology devices, including credit card encoders, computer printers and telephones. Devices were used 37 percent of the time.

The new study is based on cases closed by the Secret Service, which has become the lead federal agency in criminal identity theft because of its role protecting U.S. financial systems.

Javelin founder James Van Dyke said he didn't see a conflict with his company's results, because the Secret Service typically takes high-dollar cases. Those would be more likely to involve businesses, strangers and technology than Javelin's broad base of victims reached through telephone polling, Van Dyke said.

The median loss in the Utica College database was $31,000, while a Gartner Inc. survey of consumer victims this year found an average loss of about $3,300.

Gordon did caution against generalizing from the statistics because his study looked only at cases that were solved by the Secret Service, a tiny minority of the more than 15 million annual instances estimated by Gartner. Other prosecutions are handled by local or state police. The exclusion of unsolved cases could skew the findings.

Among other findings by Gordon's team: When businesses were targeted, 40 percent of the time it was by employees of the companies, not outsiders such as contractors or hackers. In the employee cases, 60 percent worked in retail and 22 percent in financial services.

"The data shows a wide range of ways personal-identifier information can be stolen. It's not just a person sitting at a computer screen hacking into a corporation," Gordon said. "It's a wide spectrum."